Re: HTTPS will never prevent the middle men....
Don't you also have to get your wildcart cert included in the trusted CA list of any browser that forwards traffic via your squid, else the users see "not secure" flags in the address bar? Relatively easy if you control the clients (i.e. you're doing this for the purpose of corporate URL monitoring/antivirus etc), but not trivial if you're trying to compromise client machines you don't own.